Jump to content


Photo

Uploading a File.


  • Please log in to reply
9 replies to this topic

#1 supanoob

supanoob
  • Members
  • PipPipPip
  • Advanced Member
  • 342 posts

Posted 10 July 2006 - 03:41 PM

well, i want to allow users to upload an image.

so far this is what i have

if ($step == 1)
{
if ($REQUEST_METHOD == "POST")
{

 

    
    $uploaddir =  $_SERVER['DOCUMENT_ROOT'] . "/images/";
    
    

    $pext = getFileExtension($imgfile_name);
    $pext = strtolower($pext);
    if (($pext != "jpg")  && ($pext != "jpeg")  && ($pext != "bmp")  && ($pext != "dib")  && ($pext != "png"))
    {
        print "<h1>ERROR</h1>Image Extension Unknown.<br>";
        print "<p>Please upload only images with the extensions .jpg, .jpeg, .bmp, .dib and .pngONLY<br><br>";
        print "The file you uploaded had the following extension: $pext</p>\n";

        unlink($imgfile);
        exit();
    }



    $imgsize = GetImageSize($imgfile);


    if (($imgsize[0] > 250) || ($imgsize[1] > 200))
    {

        $tmpimg = tempnam("/tmp", "MKUP");



        system("djpeg $imgfile >$tmpimg");
        

        system("pnmscale -xy 250 200 $tmpimg | cjpeg -smoo 10 -qual 50 >$imgfile");


        unlink($tmpimg);

    }

    $final_filename = str_replace(" ", "_", $imgfile_name);
    $newfile = $uploaddir . "/$final_filename";
    

    if (is_uploaded_file($imgfile))
    {


       if (!copy($imgfile,"$newfile"))
       {

          print "Error Uploading File.";
          exit();
       }
     }

    unlink($imgfile);

    
    print("<img src=\"$final_filename\">");


}
}

now the actual form they use is:

          <form action="playdes.php?step=1" method="POST" enctype="multipart/form-data">
          <input type="hidden" name="MAX_FILE_SIZE" value="50000">
          <p>Upload Image: <input type="file" name="imgfile"><br>
          <font size="1">Click browse to upload a local file</font><br>
          <br>
          <input type="submit" value="Upload Image">
          </form>

the problem is whenever i go to test the form, i get the following error message:

Fatal error: Call to undefined function: getfileextension() in /home/content/A/r/c/ArchAngel390/html/playdes.php on line 42


and i cant understand why can someone shed a little light upon the problem?

#2 Ninjakreborn

Ninjakreborn
  • Members
  • PipPipPip
  • Information Technology Specialist
  • 3,922 posts
  • Age:33

Posted 10 July 2006 - 04:02 PM

The function isn't set
use something like
if (is_function($getFileExtension)) {
echo "This is a function";
}else {
echo "This is not a function";
}
try this out for a test first, find out if the function even exists.
If that turns out else, then something is wrong, if the function exists, then make sure it's included properly if it's in an extra page.

------

Business Website: http://www.infotechnologist.biz

Personal Website: http://www.joyelpuryear.com

Blog Site: http://www.realmofwriting.com
Services: Web development, application development, mobile development, and custom development. All services listed on my website.


#3 supanoob

supanoob
  • Members
  • PipPipPip
  • Advanced Member
  • 342 posts

Posted 10 July 2006 - 05:56 PM

it comes up with the same thing :S

#4 Ninjakreborn

Ninjakreborn
  • Members
  • PipPipPip
  • Information Technology Specialist
  • 3,922 posts
  • Age:33

Posted 10 July 2006 - 06:00 PM

Then the function isn't set, are you using it in an include, if so use require_once()
instead o
because it won't runt hte script unless it's included.
Then go to the other page where your function exists, and test the script there, the one I showed you, if it says it doesn't exist, even if you use it on the same page where the function is, then something is wrong with the function itself, in that case display the function here.

------

Business Website: http://www.infotechnologist.biz

Personal Website: http://www.joyelpuryear.com

Blog Site: http://www.realmofwriting.com
Services: Web development, application development, mobile development, and custom development. All services listed on my website.


#5 kenrbnsn

kenrbnsn
  • Staff Alumni
  • Advanced Member
  • 8,235 posts
  • LocationHillsborough, NJ, USA

Posted 10 July 2006 - 06:06 PM

getFileExtension() is not a predefined PHP function and I don't see it defined anywhere in your code.

You could write your own. Something like:
<?php
function getFileExtension($fn) {
   $x = pathinfo($fn);
   return($x['extension']);
}?>

Ken

#6 redarrow

redarrow
  • Members
  • PipPipPip
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 10 July 2006 - 06:16 PM

Look at the code to learn how to set a function ok.
good luck.


test.php

<?php

include("test_result.php");
?>

<table border="4" align="center">
<td>
A user i no has the age of <?php get_age($age) ?>

</td>
</table>




test_result.php
<?php

$age=10;

function get_age($age) {

if($age > 9) {

echo "9";

}
}
?>

Wish i new all about php DAM i will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc

#7 supanoob

supanoob
  • Members
  • PipPipPip
  • Advanced Member
  • 342 posts

Posted 10 July 2006 - 08:12 PM

FFS, i have the funtion file now. and now i get this error

Possible file upload attack: filename ''.
Fatal error: Call to undefined function: getfileextension() in /home/content/A/r/c/ArchAngel390/html/playsub.php on line 118


the whole of my php code for my actual action is below:

<?php
session_start();

//this code is compyright to supanoob http://www.twottk.com
// to use this code you must have his permission to gain
// permission please mail him at webmaster@twottk.com
require_once('header.php');
require_once('imgfile_name.php');
if (!$_SESSION['valid_user']) 

{ echo 'you are not logged in'; 

die();
} 
$user=$_SESSION['valid_user'];

$query="select playerid, rank, jail, postcount, race, posx, won, lost, wonid, lostid, posy, arm1, race, facd, fach, face, arm2, arm3, arm4, jailreason, user, wep1, wep2, wep3, wep4, name, email, win, lose, total, gold, fatigue, maxfat, power, speed, dex, intel, health, maxhealth, gender from players where user='$user'";
$result=mysql_query($query);
if (!$result)
{
die (mysql_error());
}

$num_rows=mysql_num_rows($result);

$row=mysql_fetch_array($result);
$rank=($row['rank']);
$jail=($row['jail']);
$jailreason=($row['jailreason']);
$playerid=($row['playerid']);
$name=($row['name']);
$gold=($row['gold']);
$user=($row['user']);
$password=($row['password']);
$fatigue=($row['fatigue']);
$maxfat=($row['maxfat']);
$power=($row['power']);
$speed=($row['speed']);
$dex=($row['dex']);
$intel=($row['intel']);
$health=($row['health']);
$maxhealth=($row['maxhealth']);
$gender=($row['gender']);
$win=($row['win']);
$lose=($row['lose']);
$total=($row['total']);
$race=($row['race']);
$wep1=($row['wep1']);
$wep2=($row['wep2']);
$wep3=($row['wep3']);
$wep4=($row['wep4']);
$arm1=($row['arm1']);
$arm2=($row['arm2']);
$arm3=($row['arm3']);
$arm4=($row['arm4']);
$face=($row['face']);
$fach=($row['fach']);
$facd=($row['facd']);
$chardes=($row['chardes']);
$realname=($row['realname']);
$age=($row['age']);
$description=($row['description']);
$hobbies=($row['hobbies']);
$imgurl=($row['imgurl']);
$posx=($row['posx']);
$posy=($row['posy']);
$won=($row['won']);
$wonid=($row['wonid']);
$lost=($row['lost']);
$lostid=($row['lostid']);
$postcount=($row['postcount']);

$_SESSION['valid_user'] = $user;

if ($jail > 0)
{
echo "you are in jail for $jail more days, the reason being:<br /> $jailreason";

die();
}

if ($step == 0)
{
$realname=$_POST['realname'];
$age=$_POST['age'];
$description2=$_POST['description'];
$hobbies=$_POST['hobbies'];
$imgurl=$_POST['imgurl'];

$sql2="UPDATE players SET realname='$realname', age='$age', description='$description2', hobbies='$hobbies', imgurl='$imgurl' WHERE user='$user'";
if(mysql_query($sql2));
}



if ($step == 1)
{
if ($REQUEST_METHOD == "POST")
{

    /* SUBMITTED INFORMATION - use what you need
     * temporary filename (pointer): $imgfile
     * original filename           : $imgfile_name
     * size of uploaded file       : $imgfile_size
     * mime-type of uploaded file  : $imgfile_type
     */

     /*== upload directory where the file will be stored
          relative to where script is run ==*/
    
    $uploaddir =  $_SERVER['DOCUMENT_ROOT'] . "/images/";
    
    
    /*== get file extension (fn at bottom of script) ==*/
    /*== checks to see if image file, if not do not allow upload ==*/
    $pext = getFileExtension($imgfile_name);
    $pext = strtolower($pext);
    if (($pext != "jpg")  && ($pext != "jpeg")  && ($pext != "bmp")  && ($pext != "dib")  && ($pext != "png"))
    {
        print "<h1>ERROR</h1>Image Extension Unknown.<br>";
        print "<p>Please upload only images with the extensions .jpg, .jpeg, .bmp, .dib and .pngONLY<br><br>";
        print "The file you uploaded had the following extension: $pext</p>\n";

        /*== delete uploaded file ==*/
        unlink($imgfile);
        exit();
    }


    //-- RE-SIZING UPLOADED IMAGE

    /*== only resize if the image is larger than 250 x 200 ==*/
    $imgsize = GetImageSize($imgfile);

    /*== check size  0=width, 1=height ==*/
    if (($imgsize[0] > 250) || ($imgsize[1] > 200))
    {
        /*== temp image file -- use "tempnam()" to generate the temp
             file name. This is done so if multiple people access the
            script at once they won't ruin each other's temp file ==*/
        $tmpimg = tempnam("/tmp", "MKUP");

        /*== RESIZE PROCESS
             1. decompress jpeg image to pnm file (a raw image type)
             2. scale pnm image
             3. compress pnm file to jpeg image
        ==*/
        
        /*== Step 1: djpeg decompresses jpeg to pnm ==*/
        system("djpeg $imgfile >$tmpimg");
        

        /*== Steps 2&3: scale image using pnmscale and then
             pipe into cjpeg to output jpeg file ==*/
        system("pnmscale -xy 250 200 $tmpimg | cjpeg -smoo 10 -qual 50 >$imgfile");

        /*== remove temp image ==*/
        unlink($tmpimg);

    }

    /*== setup final file location and name ==*/
    /*== change spaces to underscores in filename  ==*/
    $final_filename = str_replace(" ", "_", $imgfile_name);
    $newfile = $uploaddir . "/$final_filename";
    
    /*== do extra security check to prevent malicious abuse==*/
    if (is_uploaded_file($imgfile))
    {

       /*== move file to proper directory ==*/
       if (!copy($imgfile,"$newfile"))
       {
          /*== if an error occurs the file could not
               be written, read or possibly does not exist ==*/
          print "Error Uploading File.";
          exit();
       }
     }

    /*== delete the temporary uploaded file ==*/
    unlink($imgfile);

    
    print("<img src=\"$final_filename\">");

    /*== DO WHATEVER ELSE YOU WANT
         SUCH AS INSERT DATA INTO A DATABASE  ==*/

}
}

?>


and my function is below:

<?php
session_start();

if (is_uploaded_file($_FILES['userfile']['imgfile_name'])) {
   echo "File ". $_FILES['userfile']['name'] ." uploaded successfully.\n";
   echo "Displaying contents\n";
   readfile($_FILES['userfile']['imgfile_name']);
} else {
   echo "Possible file upload attack: ";
   echo "filename '". $_FILES['userfile']['imgfile_name'] . "'.";
}

?>


#8 supanoob

supanoob
  • Members
  • PipPipPip
  • Advanced Member
  • 342 posts

Posted 11 July 2006 - 11:28 AM

bump

#9 supanoob

supanoob
  • Members
  • PipPipPip
  • Advanced Member
  • 342 posts

Posted 12 July 2006 - 07:59 PM

any help?

#10 kenrbnsn

kenrbnsn
  • Staff Alumni
  • Advanced Member
  • 8,235 posts
  • LocationHillsborough, NJ, USA

Posted 12 July 2006 - 08:08 PM

See my reply #4

Ken




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users